Nearly every company uses open source. Many of these open source projects are maintained by volunteer (unpaid) programmers. Should these companies pay the developers? This debate was reignited last week. On Friday, there was a remote execution vulnerability was found in a log4j, a popular open source Java logging library. This vulnerability has widespread consequences – most likely millions of companies are open to attack, including many of the Fortune 500.